Share these talks and lectures with your colleagues
Invite colleaguesResearch paper
An approach to establishing a multi-organisational public sector security operations centre
Cyber Security: A Peer-Reviewed Journal,
6
(4),
373-383
(2023)
Abstract
This paper presents a conceptual approach towards a public sector security operations centre capability at a regional level. This study supports the concept of the Government Cyber Coordination Centre as detailed in the UK Government Cyber Security Strategy December 2022, supporting the ‘Defend as One’ approach. The paper further proposes that the approach should work with nodes at a peer sub-regional and local level with information being aggregated at a regional or national level, with central oversight. This paper also considers some of the open-source tools available to support a security operations centre (SOC) approach, offering a framework for local and distributed analysis to reduce traffic flows and improve the flow of useful information to the SOC.
Keywords: security operations centre; open-source intelligence; microservices; risk management; information asset registers; local government; cyber security; cyber resilience
The full article is available to subscribers to the journal.
Author's Biography
Mark Brett is a chartered manager and chartered IT professional. He is a CCP Lead SIRA, having an outstanding track record as a senior manager and consultant in local and central government. Mark is actively engaged in the Local Government Cyber Resilience Programme with Department of Levelling Up, Communities and Housing. Mark worked for 3 years in the PSN Programme as GDS Lead IA Adviser and PSN SOC/Security Manager. As Lead Security Analyst in MOJ Digital, he developed an agile approach towards information risk management and assurance, which he has implemented in the Department of Levelling up, Communities and Housing (DLUCH). He was the CIO of London Connects. As Deputy Director in the London Resilience Team, he designed and implemented a Pan-London Emergency Management Extranet and was instrumental in setting up the WARP programme for CPNI. While being the Information Assurance Adviser to the Local Government Association, he is also the author of the Local Public Services Data Handling guidelines. He continues to lead the local government's IA work as a special adviser to the Local CIO Council and through the Local Government Cyber Security Stakeholder Group and the Local Government PSN Board. He is currently a cyber technical adviser to DLUCH, working on the National Cyber Security Programme—Local. His work in the cyber and resilience world involves developing cyber resilience exercises and response capability training, which is being used within local resilience forums in England and leading the Cyber Resilience Programme in Wales for the Welsh Government working with the four Welsh LRFs. He has recently authored the emergency management exercise that is being run across the English Local Resilience Forums. He is a Fellow of the Institute of Civil Protection and Emergency Management and a Member of the Emergency Planning Society. He is an Honorary Visiting Fellow in Cyber London Metropolitan Universities. Having completed a doctoral training programme at De Montfort University.
